Risk management

Enterprise risk management (ERM)

In 2025, the revised Corporate Governance Code was published, which includes the Statement on Risk Management (VOR). The VOR ultimately requires the board to provide a statement on the design, existence, and functioning of internal risk management and control systems for financial reporting, sustainability reporting, and operational and compliance risks. The areas in which Enexis deviates from the Corporate Governance Code in 2025 are explained in the Corporate Governance section.

Enexis uses the COSO ERM model and the Three Lines Model – global standards in the field of risk management – as the basis for its internal risk management and control system. In 2025, we conducted an extensive analysis of our internal risk management and control system to identify areas for improvement and strengthen it, and to determine what will ultimately contribute to a substantiated statement.

This has led us to further structure and standardise our internal risk management and control system in 2026. This will enable us to properly monitor and assess the design, existence, and functioning of our system with respect to sustainability reporting, compliance, and operational risks, as well as its use for financial reporting.

INTERNAL RISK MANAGEMENT AND CONTROL SYSTEM

Risk management enables Enexis to identify and manage risks that could affect the achievement of our objectives in a timely manner. Our approach is fully integrated into the planning and control cycle and into daily business processes. We promote risk awareness within the organisation and encourage employees to manage risks proactively and consciously.

Risk management helps us not only to limit risks but also to create and maintain value, improve performance, and ensure that Enexis complies with laws and regulations. We use risk assessments to identify and analyse risks at all levels within the organisation, after which we implement appropriate control measures. Management is primarily responsible for risk control, supported by business controllers, Internal Audit & Risk (IA&R), and other staff functions. IA&R's group risk managers coordinate and facilitate the risk management process.

We have divided our risk management processes into TOP and operational risk management. The results of the TOP and operational risk analysis are reported to and discussed by the Executive Board and the Audit Committee or Supervisory Board.

TOP RISK MANAGEMENT

TOP risk management focuses on the most important risks that could threaten Enexis’ strategic objectives or continuity. These risks are identified, analysed, and assessed annually. Measures are determined for each TOP risk, and progress is reported periodically to the Executive Board.

Interconnected or related risks are clustered at the group level. Enexis has currently identified 10 clustered TOP risks. Risks positioned in the red area of the risk matrix fall outside Enexis’ risk appetite. To mitigate these risks, measures are in place to reduce them to at least the orange area. For risks in the orange area, management determines whether additional measures are necessary.

OPERATIONAL RISK MANAGEMENT

Operational risk management focuses on the timely identification and control of risks that could disrupt day-to-day operations. This also includes risks identified in periodic compliance, privacy, security, and data management analyses. We strive to mitigate risks that exceed Enexis’ risk appetite through key controls. We record these key controls in our internal control framework (ICF). The most important risks and control measures are evaluated through periodic analyses and Control Self-Assessments (CSA). Divisional management evaluates the results of the CSA and, if necessary, adds them to the internal letter of representation (LOR), in which the most important shortcomings are reported.

In addition to the hard controls in the ICF, we also pay attention to soft controls. These focus on integrity, engagement, and collaboration. Our internal integrity committee monitors integrity, conducts periodic fraud risk analyses, and discusses fraud risk controls.

TOP RISKS

The TOP risks are described below. Specific risks relating to financial instruments are described in the notes to the financial statements.

Risk cluster / Description and developments / Key mitigating measures

A. Scarcity of resources and capacity in meeting customer demand

The energy transition and growing customer demand are leading to a structural shortage of staff, materials, and grid capacity. This results in delays in meeting customer requirements, higher costs, customer dissatisfaction, and risks to quality and safety. The labour market for technical staff is tight, the electricity grid is becoming increasingly congested, and the security of supply of materials is under pressure due to geopolitical and market factors. Despite a wide range of measures, the risk remains high, partly due to demographic developments, complex permitting processes, and limited predictability of material demand. This scarcity is expected to persist or even increase in the coming years.

  • Strategic partnerships and procurement with contractors to secure additional capacity

  • Accelerated and standardised training programmes (including academies and train-the-trainer initiatives)

  • Proactive investment in grid expansion and the implementation of congestion management

  • Development and standardisation of flexible products and work processes

  • Category and supplier management, including risk dashboards

  • Expansion of logistics and supplier capacity through procurement processes

  • Monitoring of market developments and use of alternative recruitment channels

  • Cross-departmental collaboration in planning and supply chain management

Risk in 2025 compared with 2024: Unchanged

B. Digital security and continuity of data and systems

Increasing digitalisation, growing dependence on cloud and IT systems, and the emergence of new technologies (such as quantum computing and generative AI) significantly increase the risk of unauthorised data use, cyberattacks, and large-scale system outages. Incidents may result in data breaches, disruption of business processes, reputational damage, financial losses, and non-compliance with laws and regulations. This threat is amplified by geopolitical tensions, the complexity of the IT landscape, and the limited maturity of certain processes. New legislation and technological developments require continuous adaptation of security measures. The risk remains high and is evolving rapidly, driven in particular by the fast adoption of AI and the anticipated breakthrough of quantum technologies.

Geopolitical tensions and state-sponsored actors, together with increasing digitalisation and integration with operational technology, are key drivers of the increased likelihood of this risk. This is partly mitigated by improved control measures.

  • Insight through digital security dashboards

  • Regular testing for vulnerabilities and cyberattacks

  • Security embedded in system design

  • Limiting and governing the use of artificial intelligence

  • Business continuity and recovery plans in place and regularly tested

  • Strengthened supplier policies focused on digital security

  • Training and awareness programmes for employees

  • Preparation for quantum-resistant encryption

  • Alignment with new European and national legislation (including NIS2, Wbni2 and EU Grid Codes)

Risk in 2025 compared with 2024: Likelihood, Impact

C. Safety of employees, bystanders, and public spaces

Working on electricity and gas infrastructure and in public spaces entails risks of accidents and health damage for employees and bystanders. Causes include incorrect risk assessments, unsafe situations, failing materials, aggression from the surrounding environment, and more complex working conditions than in the past. Incidents may result in serious injuries, long-term health effects, reputational damage, and financial consequences. Despite ongoing efforts, the risk is increasing due to the growing complexity of work, stricter legislation, and changing external conditions such as climate change and broader societal developments.

  • Training and education of employees in safe working practices and risk awareness

  • Implementation of gas-free and de-energised working methods

  • Second-line safety controls in work processes

  • Maintenance and replacement programmes for grids and components

  • Strict access control and physical security of installations

  • Use of digital tools for safety monitoring and reporting

  • Improved communication with customers to reduce aggression

  • Periodic audits and quality checks at suppliers and contractors

  • Crisis management arrangements and immediate follow-up of incidents

Risk in 2025 compared with 2024: Likelihood

D. Large-scale and/or frequent interruptions to the energy supply

The risk of large-scale and/or frequent interruptions to the energy supply is increasing due to natural disasters, climate change, ageing networks, increased loads, and external threats such as deliberate damage or gas shortages. Such interruptions may result in prolonged power and gas outages, operational disruptions, legal consequences, and reputational damage.

Growing demand and delayed investments are placing greater strain on grids, increasing the likelihood and frequency of outages. Awareness of these risks has increased, partly in response to recent crises and developments both domestically and internationally. Preventing outages and ensuring rapid recovery remain top priorities.

  • Regular maintenance and timely replacement of grid components

  • Crisis management plans and crisis exercises, including a strong focus on communication

  • Availability of emergency power supplies and spare parts

  • Continuous updating of grid design and safety guidelines

  • Prioritisation of maintenance over customer-driven activities

  • Monitoring of critical networks and risk analysis

  • Specific measures to prevent excavation damage and other external threats

  • Cooperation with national and regional authorities for protection and recovery

Risk in 2025 compared with 2024: Unchanged

E. Financial resilience and ability to obtain financing of Enexis

Enexis’ financial position is under pressure due to fluctuations in interest rates and commodity prices, rising investment levels, and a lag in the adjustment of regulatory remuneration. As a result, the need for equity increases, and attracting financing becomes more challenging. A deterioration in the credit profile could lead to higher interest costs, reduced access to funding, and diminished confidence among shareholders and lenders. Over time, this could jeopardise the continuity of investments and the execution of the strategy. Due to Enexis’ larger scale, declining financial buffers, and external economic developments, this risk has increased relative to the previous year.

  • Regular analysis and reporting of financial risks by the Treasury department

  • Proposals aimed at limiting the impact of price risks

  • Assessment of options to strengthen financial buffers, for example through the separation of non-regulated activities

  • Measures to improve the credit profile and limit risks in relation to credit rating agencies

  • Executive-level decision-making on financial strategy and risk management

Risk in 2025 compared with 2024: Likelihood, Impact

F. Agility and capacity for change of Enexis

The energy transition, changing legislation and regulations, and increasing market complexity require an organisation that can respond quickly and effectively to change. Enexis faces the risk that customer processes, employees, value chains, and overall change capacity may not be sufficiently agile to respond in a timely and effective manner, partly due to the organisation's rapid growth. This could result in delays in achieving strategic objectives, declining customer satisfaction, inefficiencies, increased workload, and missed opportunities in the energy transition. Despite various initiatives, the risk remains high due to the scale and pace of change, limited capacity, and the need for collaboration both within and outside the organisation.

  • Accelerating and renewing customer processes and products

  • Investing in leadership, collaboration, and employee development

  • Strategic workforce planning and a focus on sustainable employability

  • Strengthening cooperation with other grid operators and partners

  • Programme-based governance and prioritisation of change initiatives

  • Phasing and planning of major transformation programmes

  • Regular evaluation and adjustment of strategy and execution

Risk in 2025 compared with 2024: Unchanged

G. Reputation and trust among customers and stakeholders

Due to energy system scarcity and uncertainty in investment planning, customer and stakeholder expectations cannot always be met. Insufficient transparency and delays or shortcomings in responding to complaints or incidents increase the risk of negative perceptions, complaints, and reputational damage. Incidents, delays, or unclear communication may lead to dissatisfaction, claims, and a loss of trust in the organisation. The potential impact of reputational damage has increased due to growing bottlenecks in the energy transition, waiting lists, limited customer options, and political and societal pressures amplified by social media. Fast and open communication is therefore increasingly important for maintaining trust.

  • Proactive and transparent communication with customers and stakeholders

  • Timely communication on developments, bottlenecks, and solutions

  • Use of national capacity maps and public information campaigns

  • Monitoring customer satisfaction and reputation through surveys and media analysis

  • Clear structures and preparation for crisis communication

  • Intensive cooperation within the sector and with public authorities

  • Training and awareness programmes for employees on reputational risks

  • Projects focused on stakeholder engagement and relationship management

Risk in 2025 compared with 2024: Impact

H. Constraints and uncertainties arising from regulation and permitting

The energy transition requires rapid expansion of the electricity grid, but spatial constraints, complex and lengthy permitting procedures, changing legislation and regulations, and nitrogen-related restrictions are causing delays. In addition, juridification is increasing: customers and stakeholders are increasingly resorting to legal proceedings when faced with delays or a lack of clarity. Political instability and policy unpredictability further complicate timely anticipation. As a result, projects may be delayed or cancelled, costs may rise, and the risk of dissatisfaction and reputational damage increases. While the urgency is high, the required acceleration is constrained by external factors and internal coordination. Consequently, this risk has increased compared with 2024.

  • Adjusting organisational structures and processes to improve spatial integration

  • Intensive cooperation with public authorities and other grid operators

  • Proactive lobbying to support faster decision-making and clearer policy

  • Development and implementation of policies addressing nitrogen restrictions

  • Legal support in relation to new legislation and disputes

  • Monitoring of projects and early identification of delays

  • Ongoing stakeholder dialogue and transparent communication about bottlenecks

  • Identification and reporting of risks and delays within projects

Risk in 2025 compared with 2024: Likelihood, Impact

I. Risk of incorrect decision-making due to insufficient data quality

Enexis is increasingly dependent on data for operational decision-making and process management. Insufficient accuracy, completeness, or timely availability of data may lead to incorrect decisions, disruptions in core processes, and unreliable reporting. As the use of predictive models and artificial intelligence continues to grow, the importance of high data quality becomes ever more critical. Data quality issues heighten the risk of errors, increased costs, and loss of trust. The need to rely on accurate and timely data is increasing, particularly as the network becomes more complex and must respond more rapidly to developments.

  • Development of a central data strategy and data platform

  • Improving data quality across all processes

  • Assigning clear responsibilities for data governance

  • Training and awareness programmes focused on data quality

  • Appointment of a chief data officer with primary responsibility and focus on data quality

Risk in 2025 compared with 2024: Unchanged

J. Geopolitical disruption leading to disruption of energy supply and service delivery

Increasing geopolitical tensions, cyber threats, supply chain disruptions, and international conflicts expose Enexis to the risk of interruptions to energy supply and services for customers and society. This may result in reduced reliability, higher costs, limited access to energy, and damage to infrastructure. The energy transition and growing dependence on international markets further increase this vulnerability. This risk is new as an integrated theme, although individual components, such as cyber and procurement risks, had already been identified. The likelihood of disruption is real, and the potential impact is very significant, making resilience increasingly important.

  • Periodic monitoring of threats and regular audits of resilience, crisis management, and business continuity management

  • Strengthening resilience and cooperation within the energy sector, including defining clear objectives and associated actions

  • Developing integrated risk analyses and crisis management plans, supported by appropriate governance structures

  • Implementing business continuity policies

  • Enhancing cybersecurity measures and incident reporting

  • Ongoing monitoring of threats and periodic resilience audits

  • Strengthening the resilience of employees

Risk in 2025 compared with 2024: New in 2025